GAO-13-157, PROTECTING DEFENSE TECHNOLOGIES: DOD ...

GAO 

United States Government Accountability Office 

Report to Congressional Committees 

January 2013 

PROTECTING 

DEFENSE 

TECHNOLOGIES 

DOD Assessment 

Needed to Determine 

Requirement for 

Critical Technologies 

List 

GAO-13-157

January 2013 

PROTECTING DEFENSE TECHNOLOGIES 

DOD Assessment Needed to Determine Requirement 

for Critical Technologies List 

Highlights of GAO-13-157, a report to 

congressional committees 

Why GAO Did This Study 

DOD spends billions of dollars on 

sophisticated weapon systems and 

technologies to maintain military 

superiority. Such technologies are 

vulnerable to exploitation when 

exported, stolen, or lost during military 

missions. To identify critical 

technologies and help minimize these 

risks, DOD established the MCTL—a 

technical reference—as well as a 

compendium of worldwide emerging 

technologies. In 2006, GAO reported 

that the MCTL was out of date and not 

meeting users’ requirements, and 

subsequently included the list as a key 

component of GAO’s high risk area on 

protecting critical technologies. This 

report updates GAO’s 2006 work and 

reviews the extent to which 1) DOD 

has addressed weaknesses in 

updating and maintaining the MCTL, 

and 2) agencies use the MCTL as a 

resource in identifying critical 

technologies. GAO reviewed laws, 

directives, and guidance, as well as 

documentation of DOD actions since 

2006 to address MCTL concerns and 

interviewed officials from DOD and the 

Departments of Commerce, State, and 

the Treasury. 

What GAO Recommends 

GAO recommends that DOD take 

steps to (1) determine the best 

approach for meeting users’ 

requirements for a technical reference 

to consistently identify critical 

technologies, whether it be the MCTL 

or an alternative and (2) ensure 

adequate resources are available to 

sustain the approach chosen. Further, 

if DOD determines that the MCTL is 

not the optimal solution, it should seek 

necessary relief from its responsibility 

to develop the list. DOD concurred with 

GAO’s recommendations. 

View GAO-13-157. For more information, 

contact Belva Martin at (202) 512-4841or 

martinb@gao.gov. 

What GAO Found 

While the Department of Defense (DOD) took steps to address previously 

identified weaknesses in updating and maintaining the Militarily Critical 

Technologies List (MCTL), the list remains outdated and updates have ceased. 

For example, DOD has solicited users’ requirements and feedback on the MCTL, 

and added a search engine capability to improve navigation of the list and 

updated each technology section at least once. DOD also determined the list’s 

purpose is to support export control decisions and in October 2008, issued an 

instruction that (1) recognized the list’s usefulness for other DOD programs and 

activities and (2) outlined the roles, responsibilities, and procedures for updating 

and maintaining the list. However, in 2011, DOD cut funding for the program 

from $4 million in prior years to about $1.5 million and ceased MCTL content 

updates. Subsequently, DOD removed the public version of the list from the 

Internet, and officials posted a disclaimer for the restricted version noting that the 

list should only be used for informational purposes as it had not been updated. 

Similarly, the compendium of emerging technologies is outdated and two 

sections have not been updated since 1999. Program officials from the Militarily 

Critical Technologies Program have devised a plan to improve how MCTL 

content will be updated in the future, including relying on contributions from the 

user community, but implementation of the plan has been limited due to funding 

constraints. However, program officials have yet to get input from users to agree 

to this approach and would still require additional funding to implement it. 

The MCTL is not used to inform export decisions—its original purpose. Export 

control officials from DOD and the Departments of Commerce and State 

reiterated their longstanding concern that the MCTL is outdated and too broad to 

meet export control needs. DOD officials who provide input on the criticality of 

technologies as part of export license determinations and reviews of foreign 

acquisition of U.S. companies told us that they do not rely on the MCTL to inform 

their decision making despite DOD guidance to do so. Instead, they consult their 

own network of experts, which they consider to be a more reliable source to get 

current technology information. Other DOD programs to protect critical 

technologies need a technical reference such as the MCTL and have integrated 

the list to help inform decision making. For example, the MCTL has been fully 

integrated into DOD’s anti-tamper critical technology tool, which is designed to 

facilitate analysis and decision making to protect the most valuable military 

assets from tampering when exported or lost in military missions. Also, to inform 

its analysis of industrial espionage activities such as foreign targeting of U.S. 

technologies, the Defense Security Service relies on the MCTL to identify overlap 

and connections between different technology categories. With the suspension of 

MCTL updates, these programs are seeking alternatives, and in one case, 

developing their own technical reference which could result in inefficient use of 

resources. DOD officials working with MCTL users have an opportunity to 

coordinate efforts and help minimize inconsistent approaches to identify critical 

technologies and any potential duplication of effort. 

United States Government Accountability Office

Contents 

Letter 1 

Background 3 

Despite DOD’s Actions to Address Weaknesses, MCTL Is Outdated 

and Updates Have Ceased 7 

MCTL Is Not Being Used for Its Original Purpose, and Other 

Programs Face Challenges Because It Is Outdated 12 

Conclusions 18 

Recommendations for Executive Action 18 

Agency Comments 19 

Appendix I Scope and Methodology 21 

Appendix II U.S. Government Technology Protection Programs 23 

Appendix III Comments from the Department of Defense 24 

Appendix IV GAO Contact and Staff Acknowledgments 26 

Tables 

Table 1: Technologies Covered by the MCTL 7 

Table 2: U.S. Government Programs for the Identification and 

Protection of Critical Technologies 23 

Figures 

Figure 1: Key elements of a MCTL technology datasheet 6 

Figure 2: MCTL Section Updates by Calendar Year 10 

Page i 

GAO-13-157 Protecting Defense Technologies

Abbreviations 

DOD 

DSS 

DTSA 

MCTL 

Department of Defense 

Defense Security Service 

Defense Technology Security Administration 

Militarily Critical Technologies List 

This is a work of the U.S. government and is not subject to copyright protection in the 

United States. The published product may be reproduced and distributed in its entirety 

without further permission from GAO. However, because this work may contain 

copyrighted images or other material, permission from the copyright holder may be 

necessary if you wish to reproduce this material separately. 

Page ii 


United States Government Accountability Office 

Washington, DC 20548 

January 23, 2013 

Congressional Committees 

Each year, the Department of Defense (DOD) spends billions of dollars to 

develop and produce sophisticated weapon systems and technologies to 

maintain military superiority. The growing complexity and availability of 

these systems and technologies pose risks to U.S. national security 

interests. There have been increasing attempts by foreign entities to 

obtain illegal or unauthorized access to U.S. sensitive or classified 

information and technology, such as information systems, lasers, optics, 

and sensor technologies, which are among the most targeted 

technologies by foreign entities, according to the Defense Security 

Service (DSS). Identifying which technologies are critical to U.S. interests 

helps counter the threats of unauthorized access to U.S. technologies 

which are at risk of exploitation when exported, stolen, or lost or damaged 

during combat or routine missions. Failure to do so, accurately and 

consistently, could significantly enhance the military capability of a 

potential adversary and may result in insufficient protection of those 

systems, thereby increasing U.S. national security and economic risks. 

To help minimize these risks, DOD invests resources to develop and 

maintain the Militarily Critical Technologies List (MCTL). The Export 

Administration Act of 1979 established the MCTL and required DOD to 

identify technologies possessed by the U.S. and which, if exported, would 

permit a significant advance in the military system of another country. 1 

Since then, the list has expanded to capture technology capabilities 

developed worldwide. In 2006, we reported on several challenges facing 

the MCTL including that it was significantly out of date and not meeting 

users’ requirements. 2 At that time, we made a number of 

recommendations to improve the utility of the list and subsequently 

included the identification of critical technologies as a key component of a 

1 50 U.S.C. app. §§ 2401-2420. Authority granted by the Act lapsed on August 20, 2001. 

However, the President has, to the extent permitted by law, kept in effect the provisions of 

the Act and its implementing regulations through Executive Order 13222 of August 17, 

2001 (66 Fed. Reg 44,025). Executive Order 13222 was most recently extended by 

Presidential Notice on August 15, 2012. 

2 GAO, Defense Technologies: DOD’s Critical Technology Lists Rarely Inform Export 

Control and Other Policy Decisions, GAO-06-793 (Washington, D.C: July 28, 2006). 

Page 1 


GAO high risk area on protecting technologies that are critical to U.S. 

national security interests. 3 This high risk area includes eight separate 

programs at DOD and the Departments of Commerce, State, and the 

Treasury, that each have roles in protecting critical technologies. We also 

reported that DOD program managers faced difficulties in identifying 

critical technologies, increasing the risk that some technologies may not 

be identified and resulting in, for example, inadequate anti-tamper 

protection that deters or delays exploitation of critical technologies. 4 We 

prepared this report under the authority of the Comptroller General to 

evaluate government programs as part of our continued effort to assist 

Congress with its oversight responsibilities regarding the protection of 

critical technologies. This report updates our 2006 work and reviews the 

extent to which (1) DOD has addressed identified weaknesses in 

updating and maintaining the MCTL and (2) programs use the MCTL as a 

resource in identifying critical technologies. 

To conduct our work, we reviewed the Export Administration Act of 1979, 

as amended, and reviewed Executive Orders, DOD directives and 

guidance regarding the use of the MCTL to inform export control and 

other policy decisions. We also obtained information and documentation 

on actions DOD has taken since our 2006 report to address the 

challenges facing the MCTL. We interviewed officials from the 

Departments of Commerce, Defense, State, and Treasury involved in the 

8 programs that we previously identified as central to the identification 

and protection of critical technologies about the extent to which they use 

the MCTL or other resources to identify critical technologies. See 

appendix I for more details on our scope and methodology; the 8 

programs on critical technology identification and protection are described 

in appendix II. 

We conducted this performance audit from May 2012 through January 

2013, in accordance with generally accepted government accounting 

standards. Those standards require that we plan and perform the audit to 

obtain sufficient, appropriate evidence to provide a reasonable basis for 

our findings and conclusions based on our audit objectives. We believe 

3 GAO, High Risk Series: An Update, GAO-07-310 (Washington, D.C.: January 2007). 

4 GAO, Defense Acquisitions: Departmentwide Direction Is Needed for Implementation of 

the Anti-tamper Policy, GAO-08-91 (Washington, D.C.: January 11, 2008). 

Page 2 


that the evidence obtained provides a reasonable basis for our findings 

and conclusions based on our objectives. 

Background 

DOD’s key priority is maintaining military superiority. To this end, DOD 

has established a department-wide policy to ensure that military and dualuse 

articles—items that have military and commercial applications—are 

treated as valuable national security resources and critical U.S. military 

technological advances are preserved. Under the Export Administration 

Act, which governs exports of dual-use items, DOD has primary 

responsibility for developing the MCTL, 5 which has broadened to a 

compendium of worldwide science and technology capabilities—existing 

or under development—that could significantly enhance or degrade U.S. 

military capabilities now or in the future. First published in 1980, the 

MCTL’s original purpose was to inform export licensing determinations 

and was to be integrated with expediency into the Commerce Control 

List, 6 which is maintained by the Secretary of Commerce and lists goods 

and technologies subject to export controls. The MCTL itself is not an 

export control list. Rather, according to DOD, it is the department’s 

recommendation for the criteria, parameters, and operating conditions 

that constitute militarily critical capabilities for defense and dual-use items 

that should be controlled. This knowledge can be used to limit a potential 

adversary’s access to technologies that would enable a significant military 

advantage. 

A range of DOD components, other federal agencies, and nongovernment 

entities need to know what is militarily critical to facilitate 

decision making in efforts to minimize or prevent the compromise of U.S. 

technological or military advantage. Knowledge about which technologies 

are critical and warrant protection from illegal or unauthorized access is 

needed for, among other things: 

• export controls and licensing decisions for dual-use and arms exports, 

which fall under the purview of the Departments of Commerce and 

State, respectively; 

5 50 U.S.C. app. § 2404(d)(2). 

6 50 U.S.C. app. § 2404(d)(4). 

Page 3 


• consideration of anti-tamper protection of critical technologies on 

defense systems, which is primarily coordinated by anti-tamper 

officials and acquisition program offices within the military services; 

• review of foreign acquisitions of U.S. firms that are involved in the 

development or manufacture of defense technologies, which is 

coordinated with several federal agencies; 

• counterproliferation and counterintelligence programs and activities 

performed by DOD entities such as DSS to protect against industrial 

espionage; and 

• determinations about the public release of technical or scientific 

information. 

To meet the range of information requirements and enhance knowledge 

of what is militarily critical, the Militarily Critical Technologies Program 

within DOD oversees periodic assessment of dual-use and military 

technologies. The program, which has resided in various DOD offices 

throughout its 30-year history, currently is part of the Office of the 

Assistant Secretary of Defense for Research and Engineering with 

program oversight provided by the Technology Security Office. Since its 

inception in 1980, the program has contracted with the Institute for 

Defense Analyses, a federally funded research and development center, 

to provide scientific and technical support to develop and maintain the 

MCTL. 

Produced in both public and restricted versions, the list is divided into 20 

sections and covers a range of technologies that are of concern in the 

near term. Its content is derived from periodic technology assessments 

completed by various technology working groups consisting of experts 

from government, industry, and academia, who identify the parameters 

and associated values at which technologies are assessed as being 

militarily critical, based on definitions established by the Export 

Administration Act. To develop the list of critical technologies, DOD is 

required to consider the collection of elements of technologies—design, 

manufacturing, inspection, testing, operations, and maintenance—which, 

if exported to another country, would permit a significant advantage to a 

Page 4 


military system of that country. 7 Using the latest version of the MCTL as a 

baseline, experts may add or remove technologies and make other 

modifications based on their assessments. The experts’ findings are 

presented in individual datasheets that profile a specific technology type. 

In addition to describing the technology and the technical issues that drive 

or influence the technology, the datasheets include quantitative and 

qualitative information to help facilitate determinations about the criticality 

of a technology. Figure 1 describes the key elements of a datasheet. 

7 The act requires that DOD, in developing the list of militarily critical technologies, 

consider (1) arrays of design and manufacturing know-how; (2) keystone manufacturing, 

inspection, and test equipment; (3) goods accompanied by sophisticated operation, 

application, or maintenance know-how; and (4) keystone equipment which would reveal or 

give insight into the design and manufacture of a United States military system. 50 U.S.C 

app. § 2404(d)(2). 

Page 5 


Figure 1: Key elements of a MCTL technology datasheet 

In total, the MCTL is comprised of more than 500 datasheets. As shown 

in table 1, the number of datasheets in each section ranges from 2 for 

biomedical technologies to 77 for lasers, optics, and sensors 

technologies, which are among the most targeted technologies by foreign 

entities, according to the DSS. DOD also created a companion 

compendium of emerging technologies being developed worldwide which 

includes basic research, applied research, and advanced technology 

development. As these emerging technologies mature and become a 

concern in the near term, they transition from the emerging list to the 

MCTL. 

Page 6 


Table 1: Technologies Covered by the MCTL 

Technology 

Number of 

subsections Number of data sheets 

Aeronautics 5 19 

Armaments and energetic materials 13 53 

Biological 4 14 

Biomedical 2 2 

Chemical 3 19 

Directed energy systems 2 9 

Energy systems 4 25 

Electronics 5 47 

Ground systems 3 3 

Information systems 6 25 

Lasers, optics, and sensors 9 78 

Processing and manufacturing 6 50 

Marine systems 5 34 

Materials and Processes 3 26 

Nuclear systems 2 6 

Positioning, navigation, and time 5 30 

Information security 3 16 

Signature control 3 22 

Space systems 12 61 

Weapons effects 4 29 

Source: DOD. 

Despite DOD’s 

Actions to Address 

Weaknesses, MCTL Is 

Outdated and Updates 

Have Ceased 

DOD Took Steps to 

Respond to MCTL 

Weaknesses 

Since our 2006 report, DOD has taken steps aimed at clarifying the 

MCTL’s purpose and improving its utility. For example, to better 

understand users’ requirements, the program office solicited feedback 

from DOD, Commerce, State, and the Defense Technology Security 

Page 7 


Administration (DTSA), military services, and DOD counterintelligence 

offices. Based on users’ requirements provided at that time, DOD 

determined that the MCTL’s purpose is to serve export control decisions. 

However, the department also recognized that the MCTL had expanded 

to serve other purposes such as counterintelligence and weapon system 

program protection, among other things. In addition, to allow users to 

more easily access the list content, DOD added a search engine 

capability to improve navigation and initiated efforts to convert the MCTL 

into a dynamic database to enable users to conduct advanced analytical 

queries such as identifying interdependencies across multiple technology 

types. In fiscal year 2007, the program’s budget was doubled to $4 

million, which program officials said was the appropriate funding level at 

the time to update and maintain the MCTL. To address concerns about 

the currency of the list, DOD began updating the MCTL to ensure that 

each technology section had been updated at least once since our 2006 

report. 

As part of these efforts to revamp the MCTL, DOD issued an instruction, 

in 2008, that clarifies MCTL implementation by outlining roles and 

responsibilities for informing the list’s content, specifying procedures for 

updating and maintaining the list, and designating the purposes for which 

certain DOD components are to use the MCTL. Among other things, the 

instruction: 

• specified that it is DOD policy that the MCTL serve as a technical 

reference to inform the development and implementation of 

technology security policies on international transfers of defenserelated 

goods, services, and technologies; 

• directed DTSA to consult the MCTL when developing DOD export 

control proposals, processing export license requests, and making 

technology transfer decisions; 

• specified that DOD components are to use the MCTL in making 

decisions about what information can be shared with foreign entities 

and provide subject matter expertise in identifying and assessing 

technologies for the MCTL; 

• required the development of a methodology—based on objective 

criteria that produce logical and repeatable results—for determining 

whether a given technology is militarily critical; and 

• accelerated the frequency of technology section updates from every 4 

years to every 2 years to keep pace with technology development. 

DOD also planned to migrate its emerging technologies list to the MCTL 

rather than maintaining two separate lists. 

Page 8 


According to program officials, the findings from our previous report 

served as a roadmap for corrective action and informed the development 

of a new concept of operations, drafted in 2010, which aims to implement 

the MCTL program requirements outlined in the 2008 DOD instruction. 

Further, implementation of the operational concept has been limited due 

to funding constraints; however, it calls for enhancing the functionality of 

the MCTL by: 

• supporting real-time technology updates from approved contributors 

as information becomes available rather than updating a technology 

section with all its sub-sections and datasheets in a single effort; 

• transitioning to a web-based application that will make data available 

in various document formats; 

• providing a more robust capability to search across multiple MCTL 

technology sections which is beneficial in cases where a given 

technology may have relevance to multiple sections; 

• enabling users to track content changes to each section and providing 

rationale for changes and access to previous versions; and 

• linking a given technology to its corresponding reference in export 

control lists such as the Commerce Control List and U.S. Munitions 

List. 8 

MCTL Updates Have 

Ceased and Public Version 

Is Not Published Online 

After responding to our 2006 report with such actions as issuing the 2008 

instruction and developing the 2010 concept of operations, DOD ceased 

updating the MCTL in 2011 and disbanded the technology working 

groups that assessed technologies and produced updates because of 

funding constraints, according to officials. DOD provided $1.49 million for 

the program in fiscal year 2012, which program officials say is not 

sufficient to support the work needed to meet the DOD requirement to 

update each technology section every 2 years. In light of expected 

funding decreases that began in fiscal year 2012, officials decided not to 

invest resources in updating MCTL sections and instead dedicated 

resources to complete archiving of research material for section updates 

that were underway. In the past 6 years, each section has been updated 

at least once; however, the Militarily Critical Technologies Program has 

not fully met its goal to update each section at least every 2 years in 

8 The Commerce Control List is maintained by the Department of Commerce and lists 

goods and technologies subject to export controls. The U.S. Munitions List is compiled by 

the Department of State and specifies defense goods and services requiring a license in 

order to be exported. 

Page 9 


accordance with the 2008 DOD instruction. The majority of updates—15 

of 20 technology sections—took place in 2009 as shown in figure 2. 

Figure 2: MCTL Section Updates by Calendar Year 

Although five technology sections—armament and energetic materials, 

materials and processing, processing and manufacturing, signature 

control, and weapons effects—were updated in accordance with the new 

Page 10 


instruction, currently none of the MCTL sections are in compliance with 

the 2-year update requirement. While funding was not reduced until fiscal 

year 2012, none of the sections were updated in 2011 and only one 

section—space systems—was updated in 2012 to support DOD’s report 

to Congress on the risks associated with moving certain satellite 

components from the U.S. Munitions List to the Commerce Control List. 

Four sections were updated after 2009; however, none of these updates 

have been validated, published, or made available to users, according to 

officials. Technology areas that advance rapidly, such as information 

security and information systems, have only been fully updated once in 

the past 6 years. These two sections, along with sections on electronics; 

biological; and position, navigation, and timing technologies, have been 

prioritized for updates once resources become available given the 

increasingly dated content in the MCTL, the technologies’ impact on 

national security, and the rate at which these technologies are being 

produced. 

In light of the risks associated with using outdated content to support 

technology protection decisions, in March 2011 program officials removed 

access to the public version of the list from the DOD website that hosted 

the list. The restricted version is still available via the same website, but 

program officials have posted a disclaimer noting that the list is no longer 

being updated and that content is being provided for information purposes 

only and is no longer intended to support technology decisions. 

DOD has also halted its plans to integrate the compendium of emerging 

technologies with the MCTL. Similar to the MCTL, the emerging 

technologies list is no longer being updated despite DOD guidance to 

identify and assess such technologies. Some sections of the emerging 

technologies list are more outdated than the MCTL. For example, based 

on information we obtained from DOD, the biomedical and biological 

technology sections have not been updated since 1999 because of lack 

of funding and oversight to ensure that the Institute for Defense Analyses 

conducted the assessments and produced the necessary updates. 

Additionally, officials noted that recent decreased funding levels hinder 

their ability to implement the new concept of operations to maintain and 

update the MCTL. In anticipation that funding may eventually be restored 

to execute program requirements, the program has devoted resources to 

begin developing electronic tools for the MCTL envisioned in the new 

concept of operations. These efforts are taking place without input from 

users on their requirements because, according to program officials, 

users have not been responsive to their efforts to solicit user 

Page 11 


equirements for the new automated system. Standards for Internal 

Control in the Federal Government specifies that agencies should obtain 

information from stakeholders that may have a significant impact on a 

program’s ability to achieve its goals. 9 Such information has an 

operational and budget impact and helps managers identify specific 

actions that need to be taken to achieve program goals and objectives. 

MCTL Is Not Being 

Used for Its Original 

Purpose, and Other 

Programs Face 

Challenges Because It 

Is Outdated 

The Absence of the MCTL’s 

Use in Export Control 

Decisions Remains 

Unchanged 

As we reported in 2006, the MCTL is not being used to inform export 

control or license determinations as originally established under the 

Export Administration Act. Specifically, Commerce, which is primarily 

responsible for reviewing and approving export licenses for dual-use and 

other items subject to the Export Administration Regulations, does not 

rely on the MCTL to inform such decisions. 10 Instead, Commerce relies 

on the technical and policy expertise of its staff and that of DOD, State, 

and the Department of Energy to inform decisions on export licenses and 

revisions to the Commerce Control List. Commerce officials reiterated 

longstanding concerns that the MCTL is too broad to be useful in 

reviewing individual export license applications. As early as 1982, soon 

after the MCTL was established, we reported that Commerce found the 

MCTL lacked the specificity needed to inform licensing decisions. 11 In 

2006, GAO again reported that Commerce officials were not using the list 

because the content is too broad and is not current. Commerce officials 

9 GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 

(Washington, D.C.: November 1999). 

10 Commerce shares this responsibility with DOD, State, and the Department of Energy. 

11 GAO, Export Control Regulation Could Be Reduced Without Affecting National Security, 

GAO/ID-82-14, (Washington, D.C.: May 26, 1982). 

Page 12 


also added that the MCTL may need to be produced, in part, as a 

classified product to better serve export control and licensing decisions. 

Although not specifically required to consult the MCTL, State also does 

not use it to inform its export license decisions for military technologies or 

in its review and approval of Foreign Military Sales. Instead, in 

deliberating export license applications State defers to DTSA for technical 

expertise. Commerce and State officials noted that the absence of the 

MCTL and suspension of MCTL updates have not impeded their ability to 

conduct export control or licensing functions. 

DTSA, which plays a central role in export controls and technology 

transfer and security functions, also does not consult the MCTL, despite 

DOD guidance to do so for licensing and export control decisions. Under 

the Export Administration Act, the MCTL is to be sufficiently specific to 

guide export licensing decisions. However, DTSA, Commerce, and State 

officials agreed that the MCTL lacks the specificity needed to inform such 

decision making. In addition to export controls decisions, DTSA provides 

input on behalf of DOD on decisions related to proposed foreign 

acquisitions of U.S. companies to determine whether the transaction 

involves technologies critical to U.S. interests. In its assessments of 

militarily critical technologies for export controls or other purposes, DTSA 

relies on its resident experts—which includes 50 engineers, who are 

considered to have unique knowledge of military and dual-use systems 

and capabilities—because these experts regularly consult with industry to 

bolster their knowledge of new capabilities and technologies and 

frequently seek the military services’ perspectives on the exportability of 

military and dual-use items. In addition, DTSA relies on its informal 

network of experts across DOD, the defense industrial base, and the 

research and development community in lieu of relying on a technical 

reference such as the MCTL, which they describe as a static product that 

has had difficulty keeping current with technology advancements. 

According to DTSA officials, its network of experts has a greater 

understanding of the technologies that DTSA reviews than can be 

obtained from the MCTL because DTSA’s network of experts can provide 

up-to-date information about a rapidly-developing technology that is not 

easily captured in a reference publication. 

While DTSA officials do not directly consult the MCTL, DTSA has 

convened its own technical working groups, that, in the past, have 

enlisted experts from the MCTL technology working groups to provide 

assistance in developing and evaluating proposed changes to the 

Wassenaar Arrangement—a multilateral export control regime with 41 

member countries that focuses on controlling the spread of certain 

Page 13 


conventional arms and sensitive dual-use items. 12 DTSA officials stated 

that disbanding the technology working groups has not adversely affected 

DTSA’s ability to carry out its responsibilities, since DTSA has its own inhouse 

technology working groups, which draw from the same pool of 

expertise as the MCTL technology working groups. 

An official from the Militarily Critical Technologies Program cautioned that 

using DTSA’s informal approach to determine critical technologies 

impedes DOD’s ability to maintain a record of these decisions for future 

analysis and decision making and does not ensure the use of objective 

criteria to produce repeatable results. Officials from the Militarily Critical 

Technologies Program explained that the MCTL is not an export control 

list, but rather an inventory of military and dual-use items that pose a 

threat to U.S. interests if obtained by an adversary. As provided in the 

Export Administration Act, the list is to be sufficiently specific to guide 

determinations regarding export licensing decisions. 

Other Programs Rely on 

the MCTL and Face 

Challenges Because 

Updates Have Ceased 

The purpose of the MCTL has evolved from informing export control and 

licensing decisions to serving various DOD programs, such as antitamper 

and counter-espionage. While these functions are outside of the 

original purpose of the MCTL, these programs and initiatives require 

knowledge on what is militarily critical. While these programs have 

different missions, they refer to the MCTL and have integrated this 

technical reference into their processes. In an effort to create a consistent 

and standardized method for identifying critical technologies across 

multiple programs, the Army and Navy have issued guidance that 

designates the MCTL as a reference that can be used to support the 

identification of critical technologies as part of the broader spectrum of 

critical program information. 13 For example, the Navy issued guidance 

identifying the MCTL as an available resource for acquisition programs to 

use in determining critical technologies, among other things. Similarly, the 

Army Research and Technology Protection Center Handbook 

recommends that Army acquisition programs use the MCTL to categorize 

12 Wassenaar Arrangement has two control lists: a munitions list and dual-use list. 

13 Critical program information includes components of an acquisition program such as 

information, technologies, or systems that, if compromised, would degrade combat 

mission effectiveness, shorten the expected combat effective life of the system; reduce 

technological advantage; significantly alter program direction, or enable an adversary to 

counter, copy, or reverse engineer the technology or capability. 

Page 14 


their critical technologies according to the applicable MCTL technology 

sections. Additionally, the DOD instruction regarding the MCTL that was 

issued in 2008 recognized that the list informs a range of functions 

including intelligence, counterintelligence, and weapon systems program 

protection, among others. 

In the absence of MCTL updates, DOD efforts that have a need for a 

technical reference to inform critical technology protection now face 

challenges. For example, 

• DOD’s Anti-Tamper Executive Agent integrated the MCTL into its 

critical technology tool, which was developed to provide greater 

consistency across DOD programs in identifying critical technologies 

and determining whether anti-tamper solutions should be applied. 14 

Using this tool, DOD acquisition program managers draw on the 

MCTL in determining which technologies are critical to their weapon 

systems and need anti-tamper protection to deter or delay exploitation 

of critical technologies. While DOD anti-tamper officials had a 

generally favorable view of the premise of the MCTL, they expressed 

concerns about the currency of the list as well as delays in publishing 

updated content, noting that in some instances, the content had 

become outdated by the time the information was published. Similar 

to Commerce officials, DOD anti-tamper officials noted that greater 

specificity in describing critical parameters is needed for the MCTL to 

be fully useful; however, this would require that the list be produced 

as a classified reference. The critical technologies tool is intended to 

be widely used across DOD and is also used by the defense industry, 

which plays a role in the initial identification of critical technologies 

and associated protective measures. Recently, DOD anti-tamper 

officials met with industry representatives to discuss a range of issues 

including the impact of suspending MCTL updates. Given the 

suspension of MCTL technology assessments and updates, the list 

may no longer be a viable reference for assisting in anti-tamper 

decisions. As the MCTL content ages, the list may increasingly lose 

relevance to ongoing acquisition programs. The absence of updates 

for technologies that advance rapidly, such as microelectronics, could 

render the related MCTL technology section unreliable. While a 

replacement for the MCTL has not yet been identified, a Navy anti- 

14 In addition to the MCTL, the tool also includes the Missile Technology Control Regime 

and a stealth technology reference. 

Page 15 


tamper official noted that export control lists such as the Commerce 

Control List or U.S. Munitions List would need to be bolstered with 

additional information to provide the utility that the MCTL provides in 

program protection efforts to be considered as potential alternatives. 

Currently, however, as part of the President’s export control reform 

initiative, efforts are underway to restructure the U.S. Munitions List 

and Commerce Control List in order to create a single positive control 

list, which would describe items using objective criteria, such as 

qualities to be measured—accuracy, speed, and wavelength—as well 

as units of measure—such as hertz and horsepower. Navy antitamper 

officials stated that it is too early to tell whether this will be a 

viable replacement as the reform efforts are in the early stages. 

• The MCTL’s taxonomy was adapted for use in DOD’s Acquisition 

Security Database, which the department has adopted to aid 

information sharing on critical program information—including critical 

technologies—across DOD acquisition programs. Within the 

database, the MCTL does not function as a decision-making tool, but 

rather ensures uniformity in how critical technology determinations are 

cataloged, referenced, and searched. DOD officials noted that the 

MCTL taxonomy provides a useful means for grouping technologies 

that acquisition programs have identified as critical. Such grouping of 

acquisition programs’ critical technologies facilitates more efficient 

analysis of horizontal protection and helps minimize inconsistent 

protections when identical or similar technologies are present in 

multiple weapon systems. In the absence of a replacement, the MCTL 

remains part of the database, though DOD officials stated that 

relevance of the MCTL content will diminish over time given the rapid 

changes in technologies for many of the technologies covered by the 

MCTL. 

• DSS uses the MCTL to support its counter-espionage activities. 

Specifically, DSS monitors suspicious attempts to obtain illegal or 

unauthorized access to restricted information. DSS refers to the 

MCTL to identify and define the U.S. defense technologies being 

targeted by foreign entities. Additionally, the list of militarily critical 

technologies allows DSS to assess the overlap and connections 

between different categories of technologies which, in turn, bolsters its 

analysis. DSS had previously relied on the compendium of emerging 

technologies for its analysis, but found it to be outdated and too broad 

for its purposes. Despite the aging content and lack of updates, DSS 

first reported using the MCTL in its 2011 report on foreign targeting of 

U.S. technologies. DSS officials consider the MCTL to be a standard 

reference that is recognized by the broader community involved in 

identifying and protecting critical technologies. Unlike other users, 

DSS does not require specificity in the MCTL, but uses the broader 

Page 16 


descriptions of the technology areas. Given the lack of MCTL 

updates, DSS officials considered adopting other references they had 

identified within DOD, Commerce, and State. For example, it 

considered using a list relating to items of proliferation concern, but 

decided against it because the list was too broad and not organized in 

a manner that would meet DSS’s needs. Faced with difficulty in 

finding a suitable alternative to the MCTL that sufficiently meets its 

needs, DSS now plans to develop its own technology reference. Such 

an undertaking will be time consuming and diverts resources from 

other missions, according to DSS officials. 

• DOD currently has efforts underway to inform a methodology for 

vetting potential critical technologies. However, DOD is unable to 

consider the MCTL as part of this methodology because of concerns 

about the currency of the list and the suspension of updates. A DOD 

official we spoke with noted that other resources such as the 

Commerce Control List, Missile Technology Control Regime, 15 U.S. 

Munitions List, and Wassenaar Arrangement Dual-Use and Munitions 

List are being considered instead of the MCTL. It is too early to tell 

whether this methodology will meet the needs of programs that 

currently use the MCTL and help to standardize critical technology 

identification as the effort has not yet been completed. 

Scientists and researchers involved in the development and manufacture 

of critical technologies for DOD may also have a need for a standardized 

reference and refer to the MCTL to make determinations about the public 

release of scientific and technical information for existing and emerging 

technologies. For example, a representative from a federally-funded 

research and development center we spoke with noted that it continues to 

rely on the MCTL despite its aging content as the center has not yet 

identified a suitable replacement that is as user-friendly. However, using 

an outdated resource increases the risk of unauthorized disclosure about 

existing or developing technologies, since an aging MCTL might not 

include new technology types developed subsequent to publication and 

could result in inadvertent disclosure. The risk of such disclosures poses 

a threat to U.S. interests and could result in fines or other penalties. Amid 

concerns about the currency of the MCTL, the official told us the center is 

considering adopting the Commerce Control List in lieu of the MCTL, but 

15 The Missile Technology Control Regime (MTCR) is a multi-lateral export control regime 

with 34 member countries. The MTCR members control a common list of items which is 

contained in the MTCR annex and covers rocket systems and UAVs, as well as a broad 

range of equipment, software, and technology. 

Page 17 


is waiting for completion of the ongoing export control reform efforts that 

includes establishing a positive control list before pursuing this 

alternative. 

Conclusions 

Since its inception, the MCTL has experienced challenges in meeting its 

original purpose to support export licensing decisions as established by 

the Export Administration Act. Consequently, the export control 

community has identified ways to obtain DOD input without the MCTL. 

Despite this, use of the list has evolved to meet other needs for a 

technical reference that provides a baseline to help achieve consistency 

in identifying what technologies are critical in order to maintain a 

technological advantage for the warfighter and to preserve U.S. 

investment in critical technologies. Faced with uncertainty about the 

availability of the MCTL, programs are considering alternatives, and in 

one case, developing their own technical reference, which may not be in 

the best interest of the federal government as such actions redirect 

resources from other critical missions and may result in unnecessary 

duplication and inconsistent approaches to identify and protect critical 

technologies. Having a technical reference that is current and available in 

a format that meets users’ needs could help to minimize the risk of 

inconsistent identification and protection of U.S. critical weapon systems 

and technologies and, in turn, preserve U.S. technological edge for the 

warfighter. Gaining an understanding of users’ information requirements 

on what is militarily critical is an important first step as DOD builds a case 

for future program funding for the MCTL or other approaches. 

Recommendations for 

Executive Action 

Recognizing that there are widespread requirements to know what is 

militarily critical, we recommend that the Secretary of Defense take the 

following two actions: 

1. determine the best approach to meeting users’ needs for a technical 

reference, whether it be MCTL, other alternatives being used, or some 

combination thereof; and 

2. ensure that resources are coordinated and efficiently devoted to 

sustain the approach chosen. 

If DOD determines that the MCTL is not the optimal solution for aiding 

programs’ efforts to identify militarily critical technologies, we also 

recommend that the Secretary of Defense seek necessary relief from 

DOD’s current responsibility. 

Page 18 


Agency Comments 

We provided a copy of this report to DOD, Commerce, and State for their 

review and comment. In its written comments, reproduced in appendix III, 

DOD concurred with our recommendations. DOD, Commerce, and State 

provided technical comments that we have incorporated as appropriate. 

We are sending copies of this report to interested congressional 

committees, as well as the Secretaries of Commerce, Defense, State, 

and Treasury. In addition, the report will be available at no charge on 

GAO’s web site at http://www.gao.gov. 

If you or your staff have any questions about this report, please contact 

me at (202) 512-4841 or martinb@gao.gov. Contact points for our Offices 

of Congressional Relations and Public Affairs may be found on the last 

page of this report. GAO staff who made key contributions to this report 

are listed in appendix IV. 

Belva M. Martin 

Director 

Acquisition and Sourcing Management 

Page 19 


List of Committees 

The Honorable Carl Levin 

Chairman 

The Honorable James M. Inhofe 

Ranking Member 

Committee on Armed Services 

United States Senate 

The Honorable John Kerry 

Chairman 

The Honorable Bob Corker 


Committee on Foreign Relations 

United States Senate 

The Honorable Howard P. McKeon 

Chairman 

The Honorable Adam Smith 


Committee on Armed Services 

House of Representatives 

The Honorable Ed Royce 

Chairman 

The Honorable Eliot L. Engel 


Committee on Foreign Affairs 

House of Representatives 

Page 20 


Appendix I: Scope Appendix I: Scope and Methodology 

To determine the extent to which the Department of Defense (DOD) 

addressed identified weaknesses in updating and maintaining the 

Militarily Critical Technologies List (MCTL), we obtained program 

documents such as the MCTL Concept of Operations which was drafted 

in 2010. We also reviewed various DOD policy documents such as DOD 

Instruction 3020.46, The Militarily Critical Technologies List, which was 

issued in 2008. We interviewed officials from the Militarily Critical 

Technologies Program and the Institute for Defense Analyses (IDA) about 

initiatives or actions taken to address MCTL shortcomings and obtained 

program funding data. Using program documentation and reviews of 

MCTL content available on the IDA and Defense Technology Information 

Center websites, we assessed DOD’s efforts to update MCTL technology 

sections in accordance with requirements set forth in DOD policy. We 

also interviewed officials within DOD and the Departments of Commerce, 

State, and Treasury to obtain their perspectives on the MCTL. We 

compared DOD’s efforts to enhance the MCTL with criteria in Standards 

for Internal Control in the Federal Government specifically that agency 

management should ensure there are adequate means of obtaining 

information from external stakeholders who may have a significant impact 

on the agency achieving its goals. 1 

To determine the extent to which programs use the MCTL as a resource 

to identify critical technologies, we interviewed officials from DOD, 

Commerce, State, and Treasury. These officials represent programs that 

we have previously identified as central to the identification and protection 

of critical technologies. (See appendix II for a description of these 

programs.) Within DOD, we discussed use of the MCTL with officials from 

various offices including the Anti-Tamper Executive Agent, Defense 

Security Cooperation Agency, Defense Security Service, Defense 

Technology Security Administration, Deputy Assistant Secretary of 

Defense for Systems Engineering, and the U.S. Navy Anti-Tamper 

Technical Authority. We also interviewed representatives from a defense 

contractor and a federally funded research and development center about 

their use of the MCTL. We also reviewed applicable statutory provisions 

such as the Export Administration Act of 1979 to identify the purposes for 

which the MCTL was established. To assess the degree to which the 

MCTL has been integrated in various DOD program activities and 

initiatives, we interviewed DOD officials and reviewed department and 

1 GAO/AIMD-00-21.3.1. 

Page 21 


Appendix I: Scope and Methodology 

military service-level guidance and policy documents regarding the use of 

the MCTL to inform export control and other policy decisions. 

We conducted this performance audit from May 2012 through January 

2013 in accordance with generally accepted government auditing 

standards. Those standards require that we plan and perform the audit to 

obtain sufficient, appropriate evidence to provide a reasonable basis for 

our findings and conclusions based on our audit objectives. We believe 

that the evidence obtained provides a reasonable basis for our findings 

and conclusions based on our audit objectives. 

Page 22 


Appendix II: U.S. Technology 

Appendix II: U.S. Government Technology 

Protection Programs 

Protection Programs 

The U.S. government has a number of programs to identify and protect 

critical technologies. These programs include those that regulate the 

exports of defense items and investigate the proposed foreign 

acquisitions of U.S. national-security related companies. Multiple federal 

agencies administer or play a role in these programs which are described 

in Table 2. In 2007, GAO named these programs as part of a high risk 

area, Protection of Technologies Critical to U.S. National Security 

Interests. 1 

Table 2: U.S. Government Programs for the Identification and Protection of Critical Technologies 

Program Agencies Program’s purpose 

Militarily Critical Technologies Defense 

Identify and assess technologies that are critical for retaining U.S. 

Program 

military dominance 

Dual-Use Export Control 

System 

Arms Export Control System 

Foreign Military Sales 

Program 

National Disclosure Policy 

Process 

Committee on Foreign 

Investment in the United 

States (CFIUS) 

National Industrial Security 

Program 

Commerce (lead), State, Central 

Intelligence Agency, Defense, 

Energy, Homeland Security, and 

Justice 

State (lead), Defense, Homeland 

Security, and Justice 

State and Defense (leads), 

Homeland Security 

State, Defense, and intelligence 

community 

Treasury (lead), Commerce, 

Defense, Homeland Security, 

Justice, State, and six offices 

from the Executive Office of the 

President 

Defense (lead), applicable to 

other departments and agencies 

Regulate export of dual-use items by U.S. companies after 

weighing economic, national security, and foreign policy interests; 

the Commerce Control List is maintained under this system 

Regulate export of arms by U.S. companies, giving primary to 

national security and foreign policy concerns; the U.S. Munitions 

List is maintained under this system 

Provide foreign governments with U.S. defense articles and 

services to help promote interoperability while lowering the unit 

costs of weapon systems 

Determine the releasability of classified military information, 

including classified weapons and military technologies, to foreign 

governments 

Investigate the impact of foreign acquisitions on national security 

and to suspend or prohibit acquisitions that might threaten 

national security 

Ensure that contractors, licensees, and grantees appropriately 

safeguard classified information in their possession by ensuring 

uniformity in security procedures 

Anti-Tamper Policy Defense Establish anti-tamper techniques on weapons systems when 

warranted as a method to protect critical technologies on these 

systems, thereby preventing and/or delaying exploitation of critical 

technologies in U.S. weapons systems 

Source: GAO. 

1 GAO-07-310. 

Page 23 


Appendix III: from the Department 

Appendix III: Comments from the 

of Defense 

Department of Defense 

Page 24 


Appendix III: Comments from the Department 

of Defense 

Page 25 


Appendix IV: GAO and Staff 

Appendix IV: GAO Contact and Staff 

Acknowledgments 


GAO Contact 

Staff 


Belva Martin, (202) 512-4841 or martinb@gao.gov 

In addition to the contact named above, John Neumann, Assistant 

Director and Candice Wright, analyst-in-charge, managed this review and 

Emily McClintock and Jonathan Mulcare made significant contributions to 

the work. Richard Burkard and Hai Tran provided legal support and 

technical expertise, respectively. Laura Greifner provided assistance in 

report preparation and Roxanna Sun provided graphics support. 

(121070) 

Page 26 


GAO’s Mission 

Obtaining Copies of 

GAO Reports and 

Testimony 

Order by Phone 

Connect with GAO 

To Report Fraud, 

Waste, and Abuse in 

Federal Programs 

Congressional 

Relations 

Public Affairs 

The Government Accountability Office, the audit, evaluation, and 

investigative arm of Congress, exists to support Congress in meeting its 

constitutional responsibilities and to help improve the performance and 

accountability of the federal government for the American people. GAO 

examines the use of public funds; evaluates federal programs and 

policies; and provides analyses, recommendations, and other assistance 

to help Congress make informed oversight, policy, and funding decisions. 

GAO’s commitment to good government is reflected in its core values of 

accountability, integrity, and reliability. 

The fastest and easiest way to obtain copies of GAO documents at no 

cost is through GAO’s website (http://www.gao.gov). Each weekday 

afternoon, GAO posts on its website newly released reports, testimony, 

and correspondence. To have GAO e-mail you a list of newly posted 

products, go to http://www.gao.gov and select “E-mail Updates.” 

The price of each GAO publication reflects GAO’s actual cost of 

production and distribution and depends on the number of pages in the 

publication and whether the publication is printed in color or black and 

white. Pricing and ordering information is posted on GAO’s website, 

http://www.gao.gov/ordering.htm. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 

TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 

MasterCard, Visa, check, or money order. Call for additional information. 

Connect with GAO on Facebook, Flickr, Twitter, and YouTube. 

Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. 

Visit GAO on the web at www.gao.gov. 

Contact: 

Website: http://www.gao.gov/fraudnet/fraudnet.htm 

E-mail: fraudnet@gao.gov 

Automated answering system: (800) 424-5454 or (202) 512-7470 

Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512- 

4400, U.S. Government Accountability Office, 441 G Street NW, Room 

7125, Washington, DC 20548 

Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 

U.S. Government Accountability Office, 441 G Street NW, Room 7149 

Washington, DC 20548 

Please Print on Recycled Paper.

GAO-13-157, PROTECTING DEFENSE TECHNOLOGIES: DOD ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?